A vulnerability described as problematic has been identified in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler.
Manipulating the argument KILO_CONFIG_CONTENT can lead to information disclosure.
This vulnerability is registered as CVE-2026-8766. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.